auth: Don't overflow cell string

If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.

Caught by coverity (#985768, #985769)

Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 362728d2d6d53011603dc39f691707db20866434)

Change-Id: I839c330a232525ddccc7957ead785c7ed9beec88
Reviewed-on: http://gerrit.openafs.org/11036
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/auth/ktc.c b/src/auth/ktc.c
index 832ddd67a0d1fe2896cf592e07732f1924d7b8c4..ee89982cd0c25c4245325386834261ea77da19bc 100644 (file)
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@@ -542,7 +542,7 @@ ktc_GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
                atoken->ticketLen = tktLen;
 
                if (aclient) {
-                   strcpy(aclient->cell, cellp);
+                   strlcpy(aclient->cell, cellp, sizeof(aclient->cell));
                    aclient->instance[0] = 0;
 
                    if ((atoken->kvno == 999) ||        /* old style bcrypt ticket */
@@ -726,7 +726,7 @@ ktc_ListTokens(int aprevIndex,
     tp += temp;                        /* skip clear token itself */
     tp += sizeof(afs_int32);   /* skip primary flag */
     /* tp now points to the cell name */
-    strcpy(aserver->cell, tp);
+    strlcpy(aserver->cell, tp, sizeof(aserver->cell));
     aserver->instance[0] = 0;
     strcpy(aserver->name, "afs");
 #endif /* NO_AFS_CLIENT */